It is often said about risk that the riskiest thing one can do is nothing at all. It is true that paralysis and lack of planning are dangers, but as the famed financial historian Peter L. Bernstein pointed out, risk management is about separating what is in your control from what is not.
On a strategic and tactical level, we all have four options of what to do with risk: transfer, mitigate, avoid and accept. Accepting is the "do nothing" option in some sense. Risk transfer usually means purchasing some form of insurance. Risk mitigation is often where most of security (physical, cyber or otherwise) efforts are concentrated. Risk avoidance is about having the discipline not to go chasing every opportunity.
Avoiding and accepting risks are often out of one's control and the cost/benefit analysis of mitigating and transferring risks can be challenging. But before the strategic and tactical risk management techniques there is one thing very much in your control, and that is managing one's own psychology.
There are many great anecdotes in this incredible interviews with Peter Brown, the CEO of legendary quant trading firm RenTech. One such anecdote that is particularly relevant to our interests is from the 2007 quant melt-down:
Now, what we learned from that was to always make sure we have enough on reserve to just hang on. Later, when Jim was about to retire, I reminded him of this period and asked if he was concerned that I was going to be so aggressive that I was going to blow the place up. But Jim responded that the only reason I was so aggressive was because I knew he was determined to reduce risk, another example of Jim's insight into human nature.
Throughout the interview, Peter makes it clear that despite all the rational thinking and computing power that RenTech employs, the psychological insights were just as important, if not more so.
Financial news has been covering the ARM IPO nonstop, in part because there's such a dearth of positive financial news to cover, but also because it's a bit of a gambit to test the strength of the IPO market at a time when everyone else is afraid to. Here's a story about the ARM IPO trading up 25%. In one sense, it's not surprising at all, since the bankers know that everyone is afraid. They would expect that to get their client the results they wanted, the order book would have to be so strong that it would break the spell of the closed IPO window. Then again, if this is common knowledge and we can all anticipate that it will pop, people's cynicism may win out over their fear of missing out. Trading hasn't ended on its second day, but the pop appears to be leveling off.
The big hacking news this week were two revelations of big casinos that were breached. MGM and Caesars were both hit with ransomware (thanks Justin on Twitter for the heads up), but while Caesars reportedly paid out the ransom, MGM has not. If you're an executive facing a loss of millions of dollars a day from an outage, you obviously want to get back to operating as soon as possible, with future concerns like insurance premiums, becoming a favorite target of hackers and repetitional damage remaining far off in the distance. It's a clear instance of a prisoner's dilemma, except in this case you probably have to call the FBI. If you're a casino that was founded in the 1960s with a loan from the Teamsters and perpetual rumors of organized crime, you might be slightly reluctant to do so. If you're a casino founded by an airline entrepreneur who is trying to transmute old Hollywood charm into new Vegas real estate you're probably much more inclined to listen to the feds. Knowing your psychology and your competitors psychology can be helpful, particularly if you're both at risk of being taken hostage.
No update on cyber crime would be complete without a reference to Russia, so here you go. The Turkish labor market for cybercriminals experienced a huge influx of supply as Russian criminals fled the country after the imposition of sanctions as a result of the Ukraine war. Turkey is one of the few countries trying to balance a middle path between Russia and the United States, so it is an ideal base of operations for those who would like access to the American sphere without running the risk of being in it. Talent agglomeration effects are an interesting phenomenon, and the network effects of a talent hub can't usually get airlifted from one place to another, but sometimes you can anticipate the behavior of groups of people if you understand their risk appetite and trade offs.
The United States isn't happy with Turkey for other reasons, and the Treasury Department imposed surprise sanction on five Turkish companies. These companies have been helping Russia evade sanctions. With Turkey being a NATO country that is friendly to Russian interests, there's a concern that the U.S. let a fox in the henhouse, but the reality is that Turkey is one of the best positioned countries geopolitically in the 21st century. As a big, young country with an industrial economy that can feed itself and sits between Europe and Middle East, there are few countries with as much leverage as Turkey right now. They know their value and despite their leadership's many missteps, they are determined to extract it from all parties.
If you have that kind of leverage, you tend to get what you want, even if it pisses people off. Having that kind of leverage isn't in your control, but knowing what others think is. Morocco recently suffered a tragic earthquake, but its leaders declined offers from France, Belgium and Italy. Morocco has a long and complicated history with French colonization, so there's plenty of bad blood there. In the post WWII era, Morocco became a constitutional monarchy with an emphasis on the monarchy. In that era, territorial disputes with its neighbors, particularly Algeria, which had a strong socialist bent from its anti-colonial days, flared up. The United States had its hands full in Vietnam and was reluctant to back a weak and disorganized monarchy, even if it was a natural enemy to the Soviet supported Algeria and Egypt. By the 1990s Morocco's parliament had gained more power and then 9/11 happened.
The United States, in desperate need of friends in the Middle East, bear hugged Morocco with foreign aid, money and weapons sales. Since then, Morocco hasn't looked back to its colonial past, rebuffing France and challenging Spain's claim to the Western Sahara territories (the largest and most populous non self-governed place on earth). The U.S. stepped in to smooth over relations with the Spanish and more recently brokered a deal with Israel. But the Global War on Terror has come to a close and a new set of priorities is driving American foreign policy. Following the earthquake, Morocco has not accepted U.S. aid, despite taking Spain, Qatar, the U.K. and others up on their offers.
Speaking of a country that thinks it has more leverage than it does, Kim Jong Un visited Vladimir Putin to swap guns. If you're interested in learning more about the North Korean economy, check out Byrne Hobart's piece over at The Diff. Besides the historical importance of the relationship, it's somewhat confusing to assess why Russia invests time and media attention in such stunts. Certainly Russian leadership realizes that North Korea is not a strong ally, but as Russia gets more used to life outside of the U.S. financial system, they may be taking notes. According to the excellent team, including J Burns Koven, over at Chainalysis North Korean hackers are using Russian cybercriminal crypto exchanges. Having leverage and everyone knowing it is great, but that's largely out of your control. Having no leverage is usually a narrative you try to control, but every now and again it's helpful to make it clear to the world just how little leverage you have.